Professional Documents
Culture Documents
Network Security PDF
Network Security PDF
University of Florida Department of Electrical and Computer Engineering
Bhavya Daya
ABSTRACT of intellectual property that can be easily acquired
through the internet.
Network security has become more important to
personal computer users, organizations, and the There are currently two fundamentally different
military. With the advent of the internet, security networks, data networks and synchronous network
became a major concern and the history of security comprised of switches. The internet is considered a
allows a better understanding of the emergence of data network. Since the current data network
security technology. The internet structure itself consists of computer‐based routers, information
allowed for many security threats to occur. The can be obtained by special programs, such as
architecture of the internet, when modified can “Trojan horses,” planted in the routers. The
reduce the possible attacks that can be sent across synchronous network that consists of switches
the network. Knowing the attack methods, allows does not buffer data and therefore are not
for the appropriate security to emerge. Many threatened by attackers. That is why security is
businesses secure themselves from the internet by emphasized in data networks, such as the internet,
means of firewalls and encryption mechanisms. and other networks that link to the internet.
The businesses create an “intranet” to remain
connected to the internet but secured from The vast topic of network security is analyzed by
possible threats. researching the following:
The entire field of network security is vast and in an 1. History of security in networks
evolutionary stage. The range of study 2. Internet architecture and vulnerable
encompasses a brief history dating back to security aspects of the Internet
internet’s beginnings and the current development 3. Types of internet attacks and security
in network security. In order to understand the methods
research being performed today, background 4. Security for networks with internet access
knowledge of the internet, its vulnerabilities, attack 5. Current development in network security
methods through the internet, and security hardware and software
technology is important and therefore they are
reviewed. Based on this research, the future of network
security is forecasted. New trends that are
INTRODUCTION emerging will also be considered to understand
where network security is heading.
The world is becoming more interconnected with
the advent of the Internet and new networking
technology. There is a large amount of personal, 1. Network Security
commercial, military, and government information
on networking infrastructures worldwide. Network System and network technology is a key technology
security is becoming of great importance because for a wide variety of applications. Security is crucial
to networks and applications. Although, network 4. Integrity – Ensure the message has not
security is a critical requirement in emerging been modified in transit
networks, there is a significant lack of security 5. Non‐repudiation – Ensure the user does not
methods that can be easily implemented. refute that he used the network
There exists a “communication gap” between the An effective network security plan is developed
developers of security technology and developers with the understanding of security issues, potential
of networks. Network design is a well‐developed attackers, needed level of security, and factors that
process that is based on the Open Systems make a network vulnerable to attack [1]. The steps
Interface (OSI) model. The OSI model has several involved in understanding the composition of a
advantages when designing networks. It offers secure network, internet or otherwise, is followed
modularity, flexibility, ease‐of‐use, and throughout this research endeavor.
standardization of protocols. The protocols of
different layers can be easily combined to create To lessen the vulnerability of the computer to the
stacks which allow modular development. The network there are many products available. These
implementation of individual layers can be changed tools are encryption, authentication mechanisms,
later without making other adjustments, allowing intrusion‐detection, security management and
flexibility in development. In contrast to network firewalls. Businesses throughout the world are
design, secure network design is not a well‐ using a combination of some of these tools.
developed process. There isn’t a methodology to “Intranets” are both connected to the internet and
manage the complexity of security requirements. reasonably protected from it. The internet
Secure network design does not contain the same architecture itself leads to vulnerabilities in the
advantages as network design. network. Understanding the security issues of the
internet greatly assists in developing new security
When considering network security, it must be technologies and approaches for networks with
emphasized that the whole network is secure. internet access and internet security itself.
Network security does not only concern the
security in the computers at each end of the The types of attacks through the internet need to
communication chain. When transmitting data the also be studied to be able to detect and guard
communication channel should not be vulnerable against them. Intrusion detection systems are
to attack. A possible hacker could target the established based on the types of attacks most
communication channel, obtain the data, decrypt it commonly used. Network intrusions consist of
and re‐insert a false message. Securing the network packets that are introduced to cause problems for
is just as important as securing the computers and the following reasons:
encrypting the message.
• To consume resources uselessly
When developing a secure network, the following • To interfere with any system resource’s
need to be considered [1]: intended function
• To gain system knowledge that can be
1. Access – authorized users are provided the exploited in later attacks
means to communicate to and from a
particular network The last reason for a network intrusion is most
2. Confidentiality – Information in the network commonly guarded against and considered by most
remains private as the only intrusion motive. The other reasons
3. Authentication – Ensure the users of the mentioned need to be thwarted as well.
network are who they say they are
2
Typical security currently exists on the computers
connected to the network. Security protocols The relationship of network security and data
sometimes usually appear as part of a single layer security to the OSI model is shown in Figure 1. It
of the OSI network reference model. Current work can be seen that the cryptography occurs at the
is being performed in using a layered approach to application layer; therefore the application writers
secure network design. The layers of the security are aware of its existence. The user can possibly
model correspond to the OSI model layers. This choose different methods of data security.
security approach leads to an effective and Network security is mostly contained within the
efficient design which circumvents some of the physical layer. Layers above the physical layer are
common security problems. also used to accomplish the network security
required [2]. Authentication is performed on a
2. Differentiating Data Security and layer above the physical layer. Network security in
the physical layer requires failure detection, attack
Network Security
detection mechanisms, and intelligent
countermeasure strategies [2].
Data security is the aspect of security that allows a
client’s data to be transformed into unintelligible
data for transmission. Even if this unintelligible
data is intercepted, a key is needed to decode the HISTORY OF NETWORK SECURITY
message. This method of security is effective to a
certain degree. Strong cryptography in the past can Recent interest in security was fueled by the crime
be easily broken today. Cryptographic methods committed by Kevin Mitnick. Kevin Mitnick
have to continue to advance due to the committed the largest computer‐related crime in
advancement of the hackers as well. U.S. history [3]. The losses were eighty million
dollars in U.S. intellectual property and source code
When transferring ciphertext over a network, it is from a variety of companies [3]. Since then,
helpful to have a secure network. This will allow for information security came into the spotlight.
the ciphertext to be protected, so that it is less
likely for many people to even attempt to break Public networks are being relied upon to deliver
the code. A secure network will also prevent financial and personal information. Due to the
someone from inserting unauthorized messages evolution of information that is made available
into the network. Therefore, hard ciphers are through the internet, information security is also
needed as well as attack‐hard networks [2]. required to evolve. Due to Kevin Mitnick’s offense,
companies are emphasizing security for the
intellectual property. Internet has been a driving
force for data security improvement.
Internet protocols in the past were not developed
to secure themselves. Within the TCP/IP
communication stack, security protocols are not
implemented. This leaves the internet open to
attacks. Modern developments in the internet
architecture have made communication more
secure.
Figure 1: Based on the OSI model, data security and network
security have a different security function [2].
3
1. Brief History of Internet 2. Security Timeline
The birth of the interne takes place in 1969 when Several key events contributed to the birth and
Advanced Research Projects Agency Network evolution of computer and network security. The
(ARPANet) is commissioned by the department of timeline can be started as far back as the 1930s.
defense (DOD) for research in networking.
Polish cryptographers created an enigma machine
The ARPANET is a success from the very beginning. in 1918 that converted plain messages to
Although originally designed to allow scientists to encrypted text. In 1930, Alan Turing, a brilliant
share data and access remote computers, e‐mail mathematician broke the code for the Enigma.
quickly becomes the most popular application. The Securing communications was essential in World
ARPANET becomes a high‐speed digital post office War II.
as people use it to collaborate on research projects
and discuss topics of various interests. The In the 1960s, the term “hacker” is coined by a
InterNetworking Working Group becomes the first couple of Massachusetts Institute of Technology
of several standards‐setting entities to govern the (MIT) students. The Department of Defense began
growing network [10]. Vinton Cerf is elected the the ARPANet, which gains popularity as a conduit
first chairman of the INWG, and later becomes for the electronic exchange of data and
known as a "Father of the Internet." [10] information [3]. This paves the way for the creation
of the carrier network known today as the Internet.
In the 1980s, Bob Kahn and Vinton Cerf are key During the 1970s, the Telnet protocol was
members of a team that create TCP/IP, the developed. This opened the door for public use of
common language of all Internet computers. For data networks that were originally restricted to
the first time the loose collection of networks government contractors and academic researchers
which made up the ARPANET is seen as an [3].
"Internet", and the Internet as we know it today is
born. The mid‐80s marks a boom in the personal During the 1980s, the hackers and crimes relating
computer and super‐minicomputer industries. The to computers were beginning to emerge. The 414
combination of inexpensive desktop machines and gang are raided by authorities after a nine‐day
powerful, network‐ready servers allows many cracking spree where they break into top‐secret
companies to join the Internet for the first time. systems. The Computer Fraud and Abuse Act of
Corporations begin to use the Internet to 1986 was created because of Ian Murphy’s crime of
communicate with each other and with their stealing information from military computers. A
customers. graduate student, Robert Morris, was convicted for
unleashing the Morris Worm to over 6,000
In the 1990s, the internet began to become vulnerable computers connected to the Internet.
available to the public. The World Wide Web was Based on concerns that the Morris Worm ordeal
born. Netscape and Microsoft were both could be replicated, the Computer Emergency
competing on developing a browser for the Response Team (CERT) was created to alert
internet. Internet continues to grow and surfing computer users of network security issues.
the internet has become equivalent to TV viewing
for many users. In the 1990s, Internet became public and the
security concerns increased tremendously.
Approximately 950 million people use the internet
today worldwide [3]. On any day, there are
approximately 225 major incidences of a security
4
breach [3]. These security breaches could also The security architecture of the internet protocol,
result in monetary losses of a large degree. known as IP Security, is a standardization of
Investment in proper security should be a priority internet security. IP security, IPsec, covers the new
for large organizations as well as common users. generation of IP (IPv6) as well as the current
version (IPv4). Although new techniques, such as
INTERNET ARCHITECTURE AND IPsec, have been developed to overcome internet’s
best‐known deficiencies, they seem to be
VULNERABLE SECURITY ASPECTS
insufficient [5]. Figure 2 shows a visual
representation of how IPsec is implemented to
Fear of security breaches on the Internet is causing provide secure communications.
organizations to use protected private networks or
intranets [4]. The Internet Engineering Task Force IPSec is a point‐to‐point protocol, one side
(IETF) has introduced security mechanisms at encrypts, the other decrypts and both sides share
various layers of the Internet Protocol Suite [4]. key or keys. IPSec can be used in two modes,
These security mechanisms allow for the logical namely transport mode and tunnel modes.
protection of data units that are transferred across
the network.
Figure 2: IPsec contains a gateway and a tunnel in order to secure communications. [17]
The current version and new version of the 1. IPv4 and IPv6 Architectures
Internet Protocol are analyzed to determine the
security implications. Although security may exist
IPv4 was design in 1980 to replace the NCP
within the protocol, certain attacks cannot be
protocol on the ARPANET. The IPv4 displayed many
guarded against. These attacks are analyzed to
limitations after two decades [6]. The IPv6 protocol
determine other security mechanisms that may be
was designed with IPv4’s shortcomings in mind.
necessary.
IPv6 is not a superset of the IPv4 protocol; instead
it is a new design.
5
The internet protocol’s design is so vast and cannot configuration hassles for the user but not the
be covered fully. The main parts of the architecture network’s administrators.
relating to security are discussed in detail.
The lack of embedded security within the IPv4
1.1 IPv4 Architecture protocol has led to the many attacks seen today.
Mechanisms to secure IPv4 do exist, but there are
The protocol contains a couple aspects which no requirements for their use [6]. IPsec is a specific
caused problems with its use. These problems do mechanism used to secure the protocol. IPsec
not all relate to security. They are mentioned to secures the packet payloads by means of
gain a comprehensive understanding of the cryptography. IPsec provides the services of
internet protocol and its shortcomings. The causes confidentiality, integrity, and authentication [6].
of problems with the protocol are: This form of protection does not account for the
skilled hacker who may be able to break the
1. Address Space encryption method and obtain the key.
2. Routing
3. Configuration When internet was created, the quality of service
4. Security (QoS) was standardized according to the
5. Quality of Service information that was transferred across the
network. The original transfer of information was
The IPv4 architecture has an address that is 32 bits mostly text‐based. As the internet expanded and
wide [6]. This limits the maximum number of technology evolved, other forms of communication
computers that can be connected to the internet. began to be transmitted across the internet. The
The 32 bit address provides for a maximum of two quality of service for streaming videos and music
billions computers to be connected to the internet. are much different than the standard text. The
The problem of exceeding that number was not protocol does not have the functionality of
foreseen when the protocol was created. The small dynamic QoS that changes based on the type of
address space of the IPv4 facilitates malicious code data being communicated [6].
distribution [5].
1.2 IPv6 Architecture
Routing is a problem for this protocol because the
routing tables are constantly increasing in size. The When IPv6 was being developed, emphasis was
maximum theoretical size of the global routing placed on aspects of the IPv4 protocol that needed
tables was 2.1 million entries [6]. Methods have to be improved. The development efforts were
been adopted to reduce the number of entries in placed in the following areas:
the routing table. This is helpful for a short period
of time, but drastic change needs to be made to 1. Routing and addressing
address this problem. 2. Multi‐protocol architecture
3. Security architecture
The TCP/IP‐based networking of IPv4 requires that 4. Traffic control
the user supplies some data in order to configure a
network. Some of the information required is the The IPv6 protocol’s address space was extended by
IP address, routing gateway address, subnet mask, supporting 128 bit addresses. With 128 bit
and DNS server. The simplicity of configuring the addresses, the protocol can support up to
network is not evident in the IPv4 protocol. The 3.4 10 ^38 machines. The address bits are used
user can request appropriate network less efficiently in this protocol because it simplifies
configuration from a central server [6]. This eases addressing configuration.
6
Table 1: Attack Methods and Security Technology [8]
The IPv6 routing system is more efficient and
enables smaller global routing tables. The host
configuration is also simplified. Hosts can
automatically configure themselves. This new
design allows ease of configuration for the user as
well as network administrator.
The security architecture of the IPv6 protocol is of
great interest. IPsec is embedded within the IPv6
protocol. IPsec functionality is the same for IPv4
and IPv6. The only difference is that IPv6 can utilize
the security mechanism along the entire route [6].
The quality of service problem is handled with IPv6.
The internet protocol allows for special handling of
certain packets with a higher quality of service.
From a high‐level view, the major benefits of IPv6
are its scalability and increased security. IPv6 also
offers other interesting features that are beyond Common attack methods and the security
the scope of this paper. technology will be briefly discussed. Not all of the
methods in the table above are discussed. The
It must be emphasized that after researching IPv6 current technology for dealing with attacks is
and its security features, it is not necessarily more understood in order to comprehend the current
secure than IPv4. The approach to security is only research developments in security hardware and
slightly better, not a radical improvement. software.
2. Attacks through the Current Internet 2.1 Common Internet Attack Methods
Protocol IPv4
Common internet attacks methods are broken
down into categories. Some attacks gain system
There are four main computer security attributes.
knowledge or personal information, such as
They were mentioned before in a slightly different
eavesdropping and phishing. Attacks can also
form, but are restated for convenience and
interfere with the system’s intended function, such
emphasis. These security attributes are
as viruses, worms and trojans. The other form of
confidentiality, integrity, privacy, and availability.
attack is when the system’s resources are
consumes uselessly, these can be caused by denial
Confidentiality and integrity still hold to the same
of service (DoS) attack. Other forms of network
definition. Availability means the computer assets
intrusions also exist, such as land attacks, smurf
can be accessed by authorized people [8]. Privacy is
attacks, and teardrop attacks. These attacks are
the right to protect personal secrets [8]. Various
not as well known as DoS attacks, but they are
attack methods relate to these four security
used in some form or another even if they aren’t
attributes. Table 1 shows the attack methods and
mentioned by name.
solutions.
7
2.1.1 Eavesdropping personal data, such as credit card numbers, online
banking credentials, and other sensitive
Interception of communications by an information.
unauthorized party is called eavesdropping. Passive
eavesdropping is when the person only secretly 2.1.6 IP Spoofing Attacks
listens to the networked messages. On the other
hand, active eavesdropping is when the intruder Spoofing means to have the address of the
listens and inserts something into the computer mirror the address of a trusted computer
communication stream. This can lead to the in order to gain access to other computers. The
messages being distorted. Sensitive information identity of the intruder is hidden by different
can be stolen this way [8]. means making detection and prevention difficult.
With the current IP protocol technology, IP‐
2.1.2 Viruses spoofed packets cannot be eliminated [8].
Viruses are self‐replication programs that use files 2.1.7 Denial of Service
to infect and propagate [8]. Once a file is opened,
the virus will activate within the system. Denial of Service is an attack when the system
receiving too many requests cannot return
communication with the requestors [9]. The
2.1.3 Worms system then consumes resources waiting for the
handshake to complete. Eventually, the system
A worm is similar to a virus because they both are cannot respond to any more requests rendering it
self‐replicating, but the worm does not require a without service.
file to allow it to propagate [8]. There are two main
types of worms, mass‐mailing worms and network‐
2.2 Technology for Internet Security
aware worms. Mass mailing worms use email as a
means to infect other computers. Network‐aware Internet threats will continue to be a major issue in
worms are a major problem for the Internet. A the global world as long as information is
network‐aware worm selects a target and once the accessible and transferred across the Internet.
worm accesses the target host, it can infect it by Different defense and detection mechanisms were
means of a Trojan or otherwise. developed to deal with these attacks.
2.1.4 Trojans 2.2.1 Cryptographic systems
Trojans appear to be benign programs to the user, Cryptography is a useful and widely used tool in
but will actually have some malicious purpose. security engineering today. It involved the use of
Trojans usually carry some payload such as a virus codes and ciphers to transform information into
[8]. unintelligible data.
2.1.5 Phishing 2.2.2 Firewall
Phishing is an attempt to obtain confidential A firewall is a typical border control mechanism or
information from an individual, group, or perimeter defense. The purpose of a firewall is to
organization [9]. Phishers trick users into disclosing block traffic from the outside, but it could also be
8
used to block traffic from the inside. A firewall is areas of the IPv6 protocol still pose a potential
the front line defense mechanism against security issue.
intruders. It is a system designed to prevent
unauthorized access to or from a private network. The new internet protocol does not protect against
Firewalls can be implemented in both hardware misconfigured servers, poorly designed
and software, or a combination of both [8]. applications, or poorly protected sites.
2.2.3 Intrusion Detection Systems The possible security problems emerge due to the
following [5]:
An Intrusion Detection System (IDS) is an additional
protection measure that helps ward off computer 1. Header manipulation issues
intrusions. IDS systems can be software and 2. Flooding issues
hardware devices used to detect an attack. IDS 3. Mobility issues
products are used to monitor connection in
determining whether attacks are been launched. Header manipulation issues arise due to the IPsec’s
Some IDS systems just monitor and alert of an embedded functionality [7]. Extension headers
attack, whereas others try to block the attack. deter some common sources of attacks because of
header manipulation. The problem is that
extension headers need to be processed by all
2.2.4 Anti‐Malware Software and scanners stacks, and this can lead to a long chain of
extension headers. The large number of extension
Viruses, worms and Trojan horses are all examples headers can overwhelm a certain node and is a
of malicious software, or Malware for short. Special form of attack if it is deliberate. Spoofing continues
so‐called anti‐Malware tools are used to detect to be a security threat on IPv6 protocol.
them and cure an infected system.
A type of attack called port scanning occurs when a
2.2.5 Secure Socket Layer (SSL) whole section of a network is scanned to find
potential targets with open services [5]. The
The Secure Socket Layer (SSL) is a suite of protocols address space of the IPv6 protocol is large but the
that is a standard way to achieve a good level of protocol is still not invulnerable to this type of
security between a web browser and a website. SSL attack.
is designed to create a secure channel, or tunnel,
between a web browser and the web server, so Mobility is a new feature that is incorporated into
that any information exchanged is protected within the internet protocol IPv6. The feature requires
the secured tunnel. SSL provides authentication of special security measures. Network administrators
clients to server through the use of certificates. need to be aware of these security needs when
Clients present a certificate to the server to prove using IPv6’s mobility feature.
their identity.
SECURITY IN DIFFERENT NETWORKS
3. Security Issues of IP Protocol IPv6
The businesses today use combinations of firewalls,
From a security point of view, IPv6 is a considerable encryption, and authentication mechanisms to
advancement over the IPv4 internet protocol. create “intranets” that are connected to the
Despite the IPv6’s great security mechanisms, it internet but protected from it at the same time.
still continues to be vulnerable to threats. Some
9
Intranet is a private computer network that uses employee. Figure 3 is a graphical representation of
internet protocols. Intranets differ from an organization and VPN network.
"Extranets" in that the former are generally
restricted to employees of the organization while
extranets can generally be accessed by customers,
suppliers, or other approved parties.
There does not necessarily have to be any access
from the organization's internal network to the
Internet itself. When such access is provided it is
usually through a gateway with a firewall, along
with user authentication, encryption of messages,
and often makes use of virtual private networks
(VPNs).
Although intranets can be set up quickly to share
Figure 3: A typical VPN might have a main LAN at the corporate
data in a controlled environment, that data is still headquarters of a company, other LANs at remote offices or
at risk unless there is tight security. The facilities and individual users connecting from out in the field. [14]
disadvantage of a closed intranet is that vital data
might not get into the hands of those who need it.
Intranets have a place within agencies. But for CURRENT DEVELOPMENTS IN NETWORK
broader data sharing, it might be better to keep SECURITY
the networks open, with these safeguards:
The network security field is continuing down the
1. Firewalls that detect and report intrusion same route. The same methodologies are being
attempts used with the addition of biometric identification.
2. Sophisticated virus checking at the firewall Biometrics provides a better method of
3. Enforced rules for employee opening of e‐ authentication than passwords. This might greatly
mail attachments reduce the unauthorized access of secure systems.
4. Encryption for all connections and data New technology such as the smart card is surfacing
transfers in research on network security. The software
5. Authentication by synchronized, timed aspect of network security is very dynamic.
passwords or security certificates Constantly new firewalls and encryption schemes
are being implemented.
It was mentioned that if the intranet wanted access
to the internet, virtual private networks are often The research being performed assists in
used. Intranets that exist across multiple locations understanding current development and projecting
generally run over separate leased lines or a newer the future developments of the field.
approach of VPN can be utilized. VPN is a private
network that uses a public network (usually the 1. Hardware Developments
Internet) to connect remote sites or users together.
Instead of using a dedicated, real‐world connection
Hardware developments are not developing
such as leased line, a VPN uses "virtual"
rapidly. Biometric systems and smart cards are the
connections routed through the Internet from the
only new hardware technologies that are widely
company's private network to the remote site or
impacting security.
10
The most obvious use of biometrics for network provide undeniable proof of a user’s identity. Smart
security is for secure workstation logons for a cards can be used for everything from logging in to
workstation connected to a network. Each the network to providing secure Web
workstation requires some software support for communications and secure e‐mail transactions.
biometric identification of the user as well as,
depending on the biometric being used, some It may seem that smart cards are nothing more
hardware device. The cost of hardware devices is than a repository for storing passwords. Obviously,
one thing that may lead to the widespread use of someone can easily steal a smart card from
voice biometric security identification, especially someone else. Fortunately, there are safety
among companies and organizations on a low features built into smart cards to prevent someone
budget. Hardware device such as computer mice from using a stolen card. Smart cards require
with built in thumbprint readers would be the next anyone who is using them to enter a personal
step up. These devices would be more expensive to identification number (PIN) before they’ll be
implement on several computers, as each machine granted any level of access into the system. The
would require its own hardware device. A PIN is similar to the PIN used by ATM machines.
biometric mouse, with the software to support it, is
available from around $120 in the U.S. The When a user inserts the smart card into the card
advantage of voice recognition software is that it reader, the smart card prompts the user for a PIN.
can be centralized, thus reducing the cost of This PIN was assigned to the user by the
implementation per machine. At top of the range a administrator at the time the administrator issued
centralized voice biometric package can cost up to the card to the user. Because the PIN is short and
$50,000 but may be able to manage the secure log‐ purely numeric, the user should have no trouble
in of up to 5000 machines. remembering it and therefore would be unlikely to
write the PIN down.
The main use of Biometric network security will be
to replace the current password system. But the interesting thing is what happens when the
Maintaining password security can be a major task user inputs the PIN. The PIN is verified from inside
for even a small organization. Passwords have to the smart card. Because the PIN is never
be changed every few months and people forget transmitted across the network, there’s absolutely
their password or lock themselves out of the no danger of it being intercepted. The main
system by incorrectly entering their password benefit, though, is that the PIN is useless without
repeatedly. Very often people write their password the smart card, and the smart card is useless
down and keep it near their computer. This is of without the PIN.
course completely undermines any effort at
network security. Biometrics can replace this There are other security issues of the smart card.
security identification method. The use of The smart card is cost‐effective but not as secure
biometric identification stops this problem and as the biometric identification devices.
while it may be expensive to set up at first, these
devices save on administration and user assistance 2. Software Developments
costs.
The software aspect of network security is very
Smart cards are usually a credit‐card‐sized digital vast. It includes firewalls, antivirus, vpn, intrusion
electronic media. The card itself is designed to detection, and much more. The research
store encryption keys and other information used development of all security software is not feasible
in authentication and other identification to study at this point. The goal is to obtain a view
processes. The main idea behind smart cards is to
11
of where the security software is heading based on CONCLUSION
emphasis being placed now.
Network security is an important field that is
The improvement of the standard security increasingly gaining attention as the internet
software still remains the same. When new viruses expands. The security threats and internet protocol
emerge, the antivirus is updated to be able to were analyzed to determine the necessary security
guard against those threats. This process is the technology. The security technology is mostly
same for firewalls and intrusion detection systems. software based, but many common hardware
Many research papers that have been skimmed devices are used. The current development in
were based on analyzing attack patterns in order to network security is not very impressive.
create smarter security software.
Originally it was assumed that with the importance
As the security hardware transitions to biometrics, of the network security field, new approaches to
the software also needs to be able to use the security, both hardware and software, would be
information appropriately. Current research is actively researched. It was a surprise to see most of
being performed on security software using neural the development taking place in the same
networks. The objective of the research is to use technologies being currently used. The embedded
neural networks for the facial recognition software. security of the new internet protocol IPv6 may
provide many benefits to internet users. Although
Many small and complex devices can be connected some security issues were observed, the IPv6
to the internet. Most of the current security internet protocol seems to evade many of the
algorithms are computational intensive and require current popular attacks. Combined use of IPv6 and
substantial processing power. This power, security tools such as firewalls, intrusion detection,
however, is not available in small devices like and authentication mechanisms will prove effective
sensors. Therefore, there is a need for designing in guarding intellectual property for the near
light‐weight security algorithms. Research in this future. The network security field may have to
area is currently being performed. evolve more rapidly to deal with the threats further
in the future.
FUTURE TRENDS IN SECURITY
REFERENCES
What is going to drive the Internet security is the
set of applications more than anything else. The [1] Dowd, P.W.; McHenry, J.T., "Network security: it's
future will possibly be that the security is similar to time to take it seriously," Computer, vol.31, no.9, pp.24‐
an immune system. The immune system fights off 28, Sep 1998
attacks and builds itself to fight tougher enemies.
Similarly, the network security will be able to [2] Kartalopoulos, S. V., "Differentiating Data Security
function as an immune system. and Network Security," Communications, 2008. ICC '08.
IEEE International Conference on, pp.1469‐1473, 19‐23
The trend towards biometrics could have taken May 2008
place a while ago, but it seems that it isn’t being
[3] “Security Overview,”
actively pursued. Many security developments that
www.redhat.com/docs/manuals/enterprise/RHEL‐4‐
are taking place are within the same set of security Manual/security‐guide/ch‐sgs‐ov.html.
technology that is being used today with some
minor adjustments. [4] Molva, R., Institut Eurecom,“Internet Security
Architecture,” in Computer Networks & ISDN Systems
Journal, vol. 31, pp. 787‐804, April 1999
12
[16]Curtin, M. “Introduction to Network Security,”
[5] Sotillo, S., East Carolina University, “IPv6 security http://www.interhack.net/pubs/network‐security.
issues,” August 2006,
www.infosecwriters.com/text_resources/pdf/IPv6_SSot [17] “Improving Security,”
illo.pdf. http://www.cert.org/tech_tips, 2006.
[6] Andress J., “IPv6: the next internet protocol,” April [18] Serpanos, D.N.; Voyiatzis, A.G., "Secure network
2005, www.usenix.com/publications/login/2005‐ design: A layered approach," Autonomous Decentralized
04/pdfs/andress0504.pdf. System, 2002. The 2nd International Workshop on, vol.,
no., pp. 95‐100, 6‐7 Nov. 2002
[7] Warfield M., “Security Implications of IPv6,” Internet
Security Systems White Paper, [19] Ohta, T.; Chikaraishi, T., "Network security model,"
documents.iss.net/whitepapers/IPv6.pdf Networks, 1993. International Conference on
Information Engineering '93. 'Communications and
[8] Adeyinka, O., "Internet Attack Methods and Internet Networks for the Year 2000', Proceedings of IEEE
Security Technology," Modeling & Simulation, 2008. Singapore International Conference on , vol.2, no.,
AICMS 08. Second Asia International Conference on, pp.507‐511 vol.2, 6‐11 Sep 1993
vol., no., pp.77‐82, 13‐15 May 2008
[9] Marin, G.A., "Network security basics," Security &
Privacy, IEEE , vol.3, no.6, pp. 68‐72, Nov.‐Dec. 2005
[10] “Internet History Timeline,”
www3.baylor.edu/~Sharon_P_Johnson/etg/inthistory.h
tm.
[11] Landwehr, C.E.; Goldschlag, D.M., "Security issues
in networks with Internet access," Proceedings of the
IEEE, vol.85, no.12, pp.2034‐2051, Dec 1997
[12] "Intranet." Wikipedia, The Free Encyclopedia. 23
Jun 2008, 10:43 UTC. Wikimedia Foundation, Inc. 2 Jul
2008
<http://en.wikipedia.org/w/index.php?title=Intranet&ol
did=221174244>.
[13] "Virtual private network." Wikipedia, The Free
Encyclopedia. 30 Jun 2008, 19:32 UTC. Wikimedia
Foundation, Inc. 2 Jul 2008
<http://en.wikipedia.org/w/index.php?title=Virtual_priv
ate_network&oldid=222715612>.
[14] Tyson, J., ”How Virtual private networks work,”
http://www.howstuffworks.com/vpn.htm .
[15] Al‐Salqan, Y.Y., "Future trends in Internet security,"
Distributed Computing Systems, 1997., Proceedings of
the Sixth IEEE Computer Society Workshop on Future
Trends of , vol., no., pp.216‐217, 29‐31 Oct 1997
13